The Ariane 5 launcher failure…

While developing the Ariane 5 space launcher, the designers decided to reuse the inertial reference software that had performed successfully in the Ariane 4 launcher. The inertial reference software maintains the stability of the rocket. They decided to reuse it without change, although it included functionality over and above that required in Ariane 5.

In the first launch of Ariane 5, the inertial navigation software failed after 37 seconds and the rocket could not be controlled. Ground controllers instructed the launcher to self-destruct and the rocket payload was destroyed. A subsequent enquiry found that the cause of the problem was an unhandled exception when a conversion of a fixed-point number to an integer resulted in a numeric overflow. This caused the run-time system to shut down the inertial reference system and launcher stability could not be maintained.

The fault had never occurred in Ariane 4 because it had less powerful engines and the value that was converted could not be large enough for the conversion to overflow. The fault occurred in code that was not required for Ariane 5. The validation tests for the reused software were based on Ariane 5 requirements. Because there were no requirements for the function that failed, no tests were developed. Consequently, the problem with the software was never discovered during launch simulation tests…
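The conversion overflow and the missing revalidation of the input range described above can be shown in a few lines of C. This is an added example, not the flight software: the fixed-point format, the 16-bit target width, the saturate-and-report policy, the function names and the sample ranges are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: signed fixed point with 16 fractional bits in a 64-bit word,
   converted to a 16-bit signed integer. The page does not give the formats. */
typedef int64_t fix_t;
#define FIX_ONE ((fix_t)1 << 16)

typedef enum { CONV_OK, CONV_TOO_HIGH, CONV_TOO_LOW } conv_status;

/* Helper for building constructed sample values. */
fix_t fix_from_int(int32_t whole) { return (fix_t)whole * FIX_ONE; }

/* Checked narrowing: range-test the integer part before the cast, and on
   overflow saturate and report instead of raising an unhandled error. */
conv_status fix_to_i16(fix_t v, int16_t *out) {
    fix_t whole = v / FIX_ONE;              /* truncates toward zero */
    if (whole > INT16_MAX) { *out = INT16_MAX; return CONV_TOO_HIGH; }
    if (whole < INT16_MIN) { *out = INT16_MIN; return CONV_TOO_LOW; }
    *out = (int16_t)whole;
    return CONV_OK;
}

/* Reuse check: does every value in a platform's declared operating range
   [lo, hi] survive the conversion? Checking both endpoints is sufficient
   because the conversion is monotonic. */
int range_fits_i16(fix_t lo, fix_t hi) {
    int16_t tmp;
    return fix_to_i16(lo, &tmp) == CONV_OK && fix_to_i16(hi, &tmp) == CONV_OK;
}

int main(void) {
    /* Constructed ranges, not flight data: the old platform stays within
       16 bits, the new platform does not. */
    fix_t old_hi = fix_from_int(20000), new_hi = fix_from_int(40000);
    int16_t r;
    conv_status st = fix_to_i16(new_hi, &r);
    printf("old range fits: %d\n", range_fits_i16(fix_from_int(-20000), old_hi));
    printf("new range fits: %d\n", range_fits_i16(fix_from_int(-40000), new_hi));
    printf("new max -> status %d, saturated value %d\n", (int)st, r);
    return 0;
}
```

Running the range check against the new platform's envelope is the step that a test plan derived only from the new requirements would skip for code those requirements never mention.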